A processor may exercise control over security features along several independent security dimensions. One dimension is the processor's mode of operation, which may limit access to certain processor resources, including special-purpose registers. For example, some processors execute in a user mode and in one or more privileged modes: an operating system (OS) may run the processor in a privileged mode, while an application process operates in the user mode.
A processor may also execute a process in a secure mode or in a non-secure mode. A trusted software or firmware monitor may switch the processor into the secure mode, where it gains the additional levels of privilege needed to execute trusted code and to access secure resources. Tasks such as authentication, signature manipulation, and secure transaction processing may be enabled in this way.
Some processors use a memory management unit (MMU) to implement a secure set and a non-secure set of memory page tables. With this structure, memory partitions and memory-mapped peripheral resources may be established as secure or non-secure according to how the processor configures those page tables. Secure processes may access secure resources, while non-secure processes are prohibited from accessing them.
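The three mechanisms described above (privilege mode, secure/non-secure world, and world-specific page tables) combine into a single access decision per memory reference. The following added example, which is not part of the original text and does not model any particular processor, is a small C model of that decision: every `flags` bit, enum name, table entry and function name is constructed for illustration. It walks a different page table depending on the current world, refuses any non-secure access to a page lacking the non-secure attribute (even if the non-secure table was misconfigured to alias a secure page), then applies the privilege and write-permission checks. It also models the trusted monitor's world switch as something only a privileged mode may request.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the original text: a software model of a processor
 * that checks every memory access against (a) its security world, (b) its
 * privilege mode and (c) the page-table entry's attributes. All names, bit
 * positions and table contents below are constructed for illustration. */

#define PTE_VALID  (1u << 0)
#define PTE_NS     (1u << 1)   /* non-secure page: reachable from either world */
#define PTE_PRIV   (1u << 2)   /* page requires a privileged mode */
#define PTE_WRITE  (1u << 3)   /* page is writable */

typedef enum { WORLD_NONSECURE = 0, WORLD_SECURE = 1 } world_t;
typedef enum { MODE_USER = 0, MODE_PRIV = 1 } cpu_mode_t;
typedef enum {
    ACCESS_OK, FAULT_TRANSLATION, FAULT_SECURITY, FAULT_PRIVILEGE, FAULT_PERMISSION
} fault_t;

typedef struct { uint32_t page; uint32_t flags; } pte_t;
typedef struct { world_t world; cpu_mode_t mode; } cpu_state_t;

/* Secure set of page tables: walked only while the processor is in the secure world. */
static const pte_t secure_table[] = {
    { 0x100, PTE_VALID | PTE_PRIV | PTE_WRITE },  /* secure-kernel data */
    { 0x101, PTE_VALID | PTE_WRITE },             /* secure user-mode data */
    { 0x200, PTE_VALID | PTE_NS | PTE_WRITE },    /* shared buffer, also mapped non-secure */
};

/* Non-secure set. The last entry is deliberately misconfigured: it maps a
 * secure page without the NS attribute, so the world check must reject it. */
static const pte_t nonsecure_table[] = {
    { 0x200, PTE_VALID | PTE_NS | PTE_WRITE },             /* shared buffer */
    { 0x300, PTE_VALID | PTE_NS | PTE_PRIV | PTE_WRITE },  /* non-secure OS data */
    { 0x301, PTE_VALID | PTE_NS },                         /* non-secure app data, read-only */
    { 0x100, PTE_VALID | PTE_PRIV | PTE_WRITE },           /* bogus alias of secure-kernel data */
};

static const pte_t *lookup(const pte_t *tbl, size_t n, uint32_t page) {
    for (size_t i = 0; i < n; i++)
        if (tbl[i].page == page) return &tbl[i];
    return NULL;
}

cpu_state_t make_cpu(world_t w, cpu_mode_t m) { cpu_state_t c = { w, m }; return c; }

/* Model of the MMU check, in order: translation, world, privilege, permission. */
fault_t check_access(cpu_state_t cpu, uint32_t page, bool write) {
    const pte_t *tbl; size_t n;
    if (cpu.world == WORLD_SECURE) { tbl = secure_table;    n = sizeof secure_table    / sizeof *secure_table; }
    else                           { tbl = nonsecure_table; n = sizeof nonsecure_table / sizeof *nonsecure_table; }

    const pte_t *pte = lookup(tbl, n, page);
    if (pte == NULL || !(pte->flags & PTE_VALID)) return FAULT_TRANSLATION;
    /* A non-secure access may only touch pages marked NS, whatever the non-secure
     * page table claims; this is what keeps secure resources isolated. */
    if (cpu.world == WORLD_NONSECURE && !(pte->flags & PTE_NS)) return FAULT_SECURITY;
    if ((pte->flags & PTE_PRIV) && cpu.mode == MODE_USER) return FAULT_PRIVILEGE;
    if (write && !(pte->flags & PTE_WRITE)) return FAULT_PERMISSION;
    return ACCESS_OK;
}

/* Model of the trusted monitor: a world switch is honoured only from a privileged
 * mode, so an unprivileged application cannot enter the secure world on its own. */
bool monitor_switch_world(cpu_state_t *cpu, world_t target) {
    if (cpu->mode != MODE_PRIV) return false;
    cpu->world = target;
    return true;
}

int main(void) {
    static const char *names[] = { "ok", "translation fault", "security fault",
                                   "privilege fault", "permission fault" };
    cpu_state_t app = make_cpu(WORLD_NONSECURE, MODE_USER);
    printf("NS app reads 0x100 (secure page): %s\n", names[check_access(app, 0x100, false)]);
    printf("NS app writes 0x200 (shared):     %s\n", names[check_access(app, 0x200, true)]);
    printf("NS app requests world switch:     %s\n",
           monitor_switch_world(&app, WORLD_SECURE) ? "allowed" : "refused");
    return 0;
}
```

The ordering of the checks matters: the world check runs before the privilege check so that a privileged non-secure OS is rejected from secure pages just as a user-mode process is, which matches the text's point that non-secure processes are prohibited from secure resources regardless of their mode.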